CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-47392 MEDIUM
Mercedes me < 1.34.0 - Unauthorized User Cart Exposure via Crafted Add Order Request
CVSS 5.3
CVE-2023-6248 CRITICAL
Digital Communications Syrus4 IoT Gateway - Unsecured MQTT Code Execution
CVSS 10.0
CVE-2023-49103 CRITICAL KEV
ownCloud Phpinfo Reader
CVSS 10.0
CVE-2023-47643 LOW
SuiteCRM < 8.4.2 - Unauthenticated Exposure of Sensitive Information via GraphQL Introspection
CVSS 3.1
CVE-2023-48294 MEDIUM
LibreNMS < 23.11.0 - Authenticated Device Enumeration via graph.php
CVSS 4.3
CVE-2023-47642 MEDIUM
Zulip Server 1.3.0-7.5 - Exposure of Sensitive Stream Metadata via API
CVSS 4.3
CVE-2023-6105 MEDIUM
ManageEngine Products - Unauthorized Encryption Key Exposure
CVSS 5.5
CVE-2023-39337 CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Sensitive Information Exposure via Device Identifier
CVSS 9.1
CVE-2023-47126 LOW
TYPO3 12.2.0-12.4.7 - Unauthenticated Sensitive Information Exposure via Install Tool Login Screen
CVSS 3.7
CVE-2023-28723 LOW
Intel Aptio V UEFI Firmware Integrator Tools - Authenticated Information Disclosure via Local Access
CVSS 3.3
CVE-2023-24588 MEDIUM
Intel Optane SSD Firmware - Unauthenticated Information Disclosure via Physical Access
CVSS 5.9
CVE-2023-41676 MEDIUM
FortiSIEM < 6.7.5 and 7.0.0 - Unauthenticated Sensitive Information Exposure via Windows Agent Logs
CVSS 4.3
CVE-2023-36043 MEDIUM
Microsoft Open Management Infrastructure - Information Disclosure
CVSS 6.5
CVE-2023-47117 HIGH
Label Studio < 1.9.2 - Exposure of Sensitive Information via Django ORM Filter Chain
CVSS 7.5
CVE-2023-6101 MEDIUM
Maiwei Safety Production Control Platform 4.1 - Info Disclosure
CVSS 5.3
CVE-2023-6100 MEDIUM
Maiwei Safety Production Control Platform 4.1 - Info Disclosure
CVSS 5.3
CVE-2023-42781 MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
CVSS 6.5
CVE-2023-6076 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - Info Disclosure
CVSS 5.3
CVE-2023-47614 LOW
Telit Cinterion BGS5 EHS5/6/8 PDS5/6/8 ELS61/81 PLS62 - Unauthorized Sensitive Information Exposure
CVSS 3.3
CVE-2023-45816 LOW
Discourse < 3.1.3 and < 3.2.0.beta3 - Unauthorized Access to Bookmarkable Resources via Notification Edge Case
CVSS 3.3
CVE-2023-5551 LOW
Moodle < 3.9.24 and 4.3.0-beta-4.3.0-rc2 - Exposure of Sensitive Information via Forum Summary Report
CVSS 3.3
CVE-2023-5545 LOW
Moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Exposure of Sensitive Information via H5P Metadata Author Field
CVSS 3.3
CVE-2023-43791 CRITICAL
Label Studio < 1.8.2 - Privilege Escalation
CVSS 9.8
CVE-2023-47616 LOW
Telit Cinterion BGS5 EHS5/6/8 PDS5/6/8 ELS61/81 PLS62 - Exposure of Sensitive Information via Physical Access
CVSS 2.4
CVE-2023-45875 HIGH
Couchbase Server < 7.2.0 - Info Disclosure
CVSS 7.5